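Problems with serialization and deserialization in C# programs obfuscated with .NET Reactor
- 1. Serializing and deserializing with the binary formatter
  - 1.1 Defining a serializable object
  - 1.2 Saving and loading the configuration file through object serialization and deserialization
  - 1.3 After obfuscating the program with .NET Reactor, the configuration cannot be read
- 2. Switching to XML serialization and deserialization to avoid the obfuscation error
  - 2.1 Defining the object
  - 2.2 Saving and loading the configuration file with XML serialization and deserialization
  - 2.3 After obfuscating the program with .NET Reactor, the configuration is read correctly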
1. Serializing and deserializing with the binary formatter
1.1 Defining a serializable object
```csharp
using System;

[Serializable] // Marks the object as serializable
public class AppConfig
{
    /// <summary>Program developer</summary>
    public string RLStudio { get; set; } = "雨水工作室";
    /// <summary>ADCP project MMT file</summary>
    public string AdcpMmtPathFile { get; set; } = Environment.CurrentDirectory;
    /// <summary>ADCP project directory</summary>
    public string AdcpProjectPath { get; set; } = Environment.CurrentDirectory;
    /// <summary>Changjiang Waterway Bureau water-level data file</summary>
    public string CJHDJDataPathFile { get; set; } = Environment.CurrentDirectory;
    /// <summary>Hypack data file</summary>
    public string HypackPathFile { get; set; } = Environment.CurrentDirectory;
    /// <summary>YAC9900 SD card data file</summary>
    public string YAC9900SdPathFile { get; set; } = Environment.CurrentDirectory;
    /// <summary>RTK data file</summary>
    public string RtkDataPathFile { get; set; } = Environment.CurrentDirectory;
    // Remaining properties omitted...
}
```
1.2 Saving and loading the configuration file through object serialization and deserialization
```csharp
using System;
using System.IO;
using System.Runtime.Serialization.Formatters.Binary;
using System.Windows.Forms;

partial class HypackDataProce : Form
{
    AppConfig appConfig = new AppConfig();

    private void HypackDataProce_Load(object sender, EventArgs e)
    {
        string ConfigFile = Application.StartupPath + "\\config.cfg";
        if (File.Exists(ConfigFile))
        {
            try
            {
                // Create the binary formatter
                BinaryFormatter formatter = new BinaryFormatter();
                // Open the file stream
                using (FileStream fs = new FileStream(ConfigFile, FileMode.Open, FileAccess.Read, FileShare.Read))
                {
                    appConfig = (AppConfig)formatter.Deserialize(fs); // Deserialize to load the configuration
                }
            }
            catch
            {
                // Errors are swallowed: on failure the default values in appConfig stay in effect
            }
        }
    }

    public void SaveAppConfig()
    {
        try
        {
            string ConfigFile = Application.StartupPath + "\\config.cfg";
            // Create the binary formatter
            BinaryFormatter formatter = new BinaryFormatter();
            // Create the file stream
            using (FileStream fs = new FileStream(ConfigFile, FileMode.Create, FileAccess.ReadWrite, FileShare.ReadWrite))
            {
                formatter.Serialize(fs, appConfig); // Serialize to save the configuration
            }
        }
        catch
        {
            // Errors are swallowed: a failed save goes unreported
        }
    }
}
```
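1.3 After obfuscating the program with .NET Reactor, the configuration cannot be read
The unobfuscated program runs without any errors. After obfuscating it with .NET Reactor, the configuration can no longer be read, and the configuration file it saves differs greatly from the one saved by the unobfuscated build.
The configuration file saved by the unobfuscated build, opened as text: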
```text
FHypackDataProce, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null )HypackDataProce.UserPublicClass+AppConfig <RLStudio>k__BackingField <AdcpMmtPathFile>k__BackingField <AdcpProjectPath>k__BackingField"<CJHDJDataPathFile>k__BackingField<HypackPathFile>k__BackingField"<YAC9900SdPathFile>k__BackingField <RtkDataPathFile>k__BackingField(<MeasureParamMenuChecked>k__BackingField(<MeasurePlaneMenuChecked>k__BackingField,<MeasureDataSheetMenuChecked>k__BackingField*<MeasureProfileMenuChecked>k__BackingField"<MeasureParamWidth>k__BackingField#<MeasureParamHeight>k__BackingField!<MeasureParamLeft>k__BackingField <MeasureParamTop>k__BackingField&<MeasureDataSheetWidth>k__BackingField'<MeasureDataSheetHeight>k__BackingField%<MeasureDataSheetLeft>k__BackingField$<MeasureDataSheetTop>k__BackingField"<MeasurePlaneWidth>k__BackingField#<MeasurePlaneHeight>k__BackingField!<MeasurePlaneLeft>k__BackingField <MeasurePlaneTop>k__BackingField$<MeasureProfileWidth>k__BackingField%<MeasureProfileHeight>k__BackingField#<MeasureProfileLeft>k__BackingField"<MeasureProfileTop>k__BackingField 闆ㄦ按宸ヤ綔瀹? &F:\Source Code\HydroDatPro\bin\Release &F:\Source Code\HydroDatPro\bin\Release &F:\Source Code\HydroDatPro\bin\Release 8E:\2024澶ф柇闈鍗楀拃20240311\鍗楀拃涓柇闈0003.RAW &F:\Source Code\HydroDatPro\bin\Release &F:\Source Code\HydroDatPro\bin\Release? ? 4 ? ~ ? ? ? ? ? ? h
```
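Note the entries `PublicKeyToken=null` and `HypackDataProce.UserPublicClass+AppConfig`: in the configuration file saved after obfuscation, these two items are obfuscated as well. BinaryFormatter writes the assembly identity, the full type name and the compiler-generated backing-field names into the stream, so anything the obfuscator renames changes the file. This shows that .NET Reactor has a flaw in how it handles serialization and deserialization with the binary formatter BinaryFormatter.
With C# 2017 on the .NET Framework, does anyone have a better way to do binary serialization and deserialization?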
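One answer to the question above, as an added example rather than code from the original program: write the settings with BinaryWriter in a fixed field order, so the file holds no assembly, type or member names for an obfuscator to change. It also drops BinaryFormatter, which Microsoft documents as unsafe for untrusted input. AppConfigBinary, the marker value and the length limit are hypothetical; the code compiles alongside the AppConfig class from section 1.1 and covers only the seven properties shown there.

```csharp
using System;
using System.IO;
using System.Text;
// Added example: hypothetical helper; AppConfig is the class from section 1.1.
public static class AppConfigBinary
{
    private const uint Magic = 0x47464341;   // bytes "ACFG": constructed file marker
    private const ushort Version = 1;
    private const int MaxBytes = 4096;       // upper bound on each stored string
    public static void Save(string path, AppConfig c)
    {
        using (var w = new BinaryWriter(File.Create(path)))
        {
            w.Write(Magic); w.Write(Version);
            // Field order is the format; type and member names never reach the file.
            foreach (string s in new[] { c.RLStudio, c.AdcpMmtPathFile, c.AdcpProjectPath,
                c.CJHDJDataPathFile, c.HypackPathFile, c.YAC9900SdPathFile, c.RtkDataPathFile })
            {
                byte[] b = Encoding.UTF8.GetBytes(s ?? string.Empty);
                if (b.Length > MaxBytes) throw new ArgumentException("Config string too long.");
                w.Write(b.Length); w.Write(b);
            }
        }
    }

    public static AppConfig Load(string path)
    {
        using (var r = new BinaryReader(File.OpenRead(path)))
        {
            if (r.ReadUInt32() != Magic || r.ReadUInt16() != Version)
                throw new InvalidDataException("Not a version-1 config file.");
            return new AppConfig   // initializers run in textual order, matching Save
            {
                RLStudio = ReadString(r), AdcpMmtPathFile = ReadString(r),
                AdcpProjectPath = ReadString(r), CJHDJDataPathFile = ReadString(r),
                HypackPathFile = ReadString(r), YAC9900SdPathFile = ReadString(r),
                RtkDataPathFile = ReadString(r)
            };
        }
    }

    private static string ReadString(BinaryReader r)
    {
        int n = r.ReadInt32();
        if (n < 0 || n > MaxBytes) throw new InvalidDataException("Bad string length.");
        byte[] b = r.ReadBytes(n);
        if (b.Length != n) throw new InvalidDataException("Truncated config file.");
        return Encoding.UTF8.GetString(b);
    }
}
```

New settings are appended at the end of the field list with a bumped Version, so older files are rejected by the header check instead of being misread.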
2. Switching to XML serialization and deserialization to avoid the obfuscation error
2.1 Defining the object
```csharp
using System;

public class AppConfig
{
    /// <summary>Program developer</summary>
    public string RLStudio { get; set; } = "雨水工作室";
    /// <summary>ADCP project MMT file</summary>
    public string AdcpMmtPathFile { get; set; } = Environment.CurrentDirectory;
    /// <summary>ADCP project directory</summary>
    public string AdcpProjectPath { get; set; } = Environment.CurrentDirectory;
    /// <summary>Changjiang Waterway Bureau water-level data file</summary>
    public string CJHDJDataPathFile { get; set; } = Environment.CurrentDirectory;
    /// <summary>Hypack data file</summary>
    public string HypackPathFile { get; set; } = Environment.CurrentDirectory;
    /// <summary>YAC9900 SD card data file</summary>
    public string YAC9900SdPathFile { get; set; } = Environment.CurrentDirectory;
    /// <summary>RTK data file</summary>
    public string RtkDataPathFile { get; set; } = Environment.CurrentDirectory;
    // Remaining properties omitted...
}
```
2.2 Saving and loading the configuration file with XML serialization and deserialization
```csharp
using System;
using System.IO;
using System.Windows.Forms;
using System.Xml.Serialization;

partial class HypackDataProce : Form
{
    AppConfig appConfig = new AppConfig();

    private void HypackDataProce_Load(object sender, EventArgs e)
    {
        string ConfigFile = Application.StartupPath + "\\config.cfg";
        if (File.Exists(ConfigFile))
        {
            try
            {
                // Create the XmlSerializer instance for the type to deserialize
                XmlSerializer serializer = new XmlSerializer(typeof(AppConfig));
                using (FileStream fileStream = new FileStream(ConfigFile, FileMode.Open))
                {
                    appConfig = (AppConfig)serializer.Deserialize(fileStream); // Deserialize the XML into an AppConfig object
                }
            }
            catch
            {
                // Errors are swallowed: on failure the default values in appConfig stay in effect
            }
        }
    }

    public void SaveAppConfig()
    {
        try
        {
            string ConfigFile = Application.StartupPath + "\\config.cfg";
            // Create the XmlSerializer instance for the type to serialize
            XmlSerializer serializer = new XmlSerializer(typeof(AppConfig));
            using (TextWriter writer = new StreamWriter(ConfigFile))
            {
                serializer.Serialize(writer, appConfig);
            }
        }
        catch
        {
            // Errors are swallowed: a failed save goes unreported
        }
    }
}
```
2.3 After obfuscating the program with .NET Reactor, the configuration is read correctly
```xml
<?xml version="1.0" encoding="utf-8"?>
<AppConfig xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <RLStudio>雨水工作室</RLStudio>
  <AdcpMmtPathFile>F:\Source Code\HydroDatPro\bin\Release</AdcpMmtPathFile>
  <AdcpProjectPath>F:\Source Code\HydroDatPro\bin\Release</AdcpProjectPath>
  <CJHDJDataPathFile>F:\Source Code\HydroDatPro\bin\Release</CJHDJDataPathFile>
  <HypackPathFile>F:\Source Code\HydroDatPro\bin\Release</HypackPathFile>
  <YAC9900SdPathFile>F:\Source Code\HydroDatPro\bin\Release</YAC9900SdPathFile>
  <RtkDataPathFile>F:\Source Code\HydroDatPro\bin\Release</RtkDataPathFile>
  <MeasureParamMenuChecked>true</MeasureParamMenuChecked>
  <MeasurePlaneMenuChecked>true</MeasurePlaneMenuChecked>
  <MeasureDataSheetMenuChecked>true</MeasureDataSheetMenuChecked>
  <MeasureProfileMenuChecked>true</MeasureProfileMenuChecked>
  <MeasureParamWidth>216</MeasureParamWidth>
  <MeasureParamHeight>793</MeasureParamHeight>
  <MeasureParamLeft>0</MeasureParamLeft>
  <MeasureParamTop>180</MeasureParamTop>
  <MeasureDataSheetWidth>564</MeasureDataSheetWidth>
  <MeasureDataSheetHeight>1022</MeasureDataSheetHeight>
  <MeasureDataSheetLeft>1150</MeasureDataSheetLeft>
  <MeasureDataSheetTop>0</MeasureDataSheetTop>
  <MeasurePlaneWidth>436</MeasurePlaneWidth>
  <MeasurePlaneHeight>367</MeasurePlaneHeight>
  <MeasurePlaneLeft>483</MeasurePlaneLeft>
  <MeasurePlaneTop>0</MeasurePlaneTop>
  <MeasureProfileWidth>959</MeasureProfileWidth>
  <MeasureProfileHeight>662</MeasureProfileHeight>
  <MeasureProfileLeft>206</MeasureProfileLeft>
  <MeasureProfileTop>360</MeasureProfileTop>
</AppConfig>
```
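A hardened variant of the XML approach, added here as an example and not taken from the original program: the element names are pinned with attributes so the file format does not follow the class or property names, and the file is parsed with DTDs prohibited because config.cfg is user-writable input. StableConfig and ConfigXml are hypothetical names, the class is trimmed to two of the settings, and it assumes the obfuscator leaves the type public and its attributes intact.

```csharp
using System;
using System.IO;
using System.Xml;
using System.Xml.Serialization;

// Added example: StableConfig and ConfigXml are hypothetical names, trimmed to two settings.
[XmlRoot("AppConfig")]                        // root element name is fixed here, not taken from the class name
public class StableConfig
{
    [XmlElement("RLStudio")]                  // element names are string constants in the attributes,
    public string RLStudio { get; set; } = "雨水工作室";
    [XmlElement("HypackPathFile")]            // so a renamed property still maps to the same element
    public string HypackPathFile { get; set; } = Environment.CurrentDirectory;
}

public static class ConfigXml
{
    private static readonly XmlSerializer Serializer = new XmlSerializer(typeof(StableConfig));

    public static void Save(string path, StableConfig cfg)
    {
        using (var writer = new StreamWriter(path))
            Serializer.Serialize(writer, cfg);
    }

    public static StableConfig Load(string path)
    {
        // Refuse DTDs and never resolve external entities while parsing the file.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        try
        {
            using (var fs = File.OpenRead(path))
            using (var reader = XmlReader.Create(fs, settings))
                return (StableConfig)Serializer.Deserialize(reader);
        }
        catch (Exception ex) when (ex is InvalidOperationException || ex is XmlException || ex is IOException)
        {
            // Missing, malformed or DTD-bearing file: fall back to defaults instead of failing startup.
            return new StableConfig();
        }
    }
}
```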